source="something_source" topic="something_topic1" OR topic="something_topic2" earliest = "-1d" client="cpu1305" | stats latest(msg) as Valuess by topic
Now, this search returns suppose like below:
**topic** **Valuess**
something_topic1 3
something_topic2 7
Here, if the value of something_topic1 is say 3, then i only want to display the row 'something_topic2', else I want to simply remove this row( 'something_topic2') from my stats result
@avisri
Try below
| makeresults | eval topic="topic1",values=3 | append[| makeresults |eval topic="topic2",values=7 ] |eval topicx=if(topic="topic1" and values=3 ,"%","topic1") | eventstats first(topicx) as topicx |where topic like(topicx) |table topic values
@avisri
Try below
| makeresults | eval topic="topic1",values=3 | append[| makeresults |eval topic="topic2",values=7 ] |eval topicx=if(topic="topic1" and values=3 ,"%","topic1") | eventstats first(topicx) as topicx |where topic like(topicx) |table topic values
Hi @avisri
Sorry, your accepted answer not reflected to my karma points. Can you please do it again